“We accept today’s decision by the ICO and have co-operated fully throughout its investigation into the illegal cyber-attack on a specific system within one of Carphone Warehouse’s UK divisions in 2015," said Carphone Warehouse.

The doors were wide open for those that had the knowledge to breach the system

Carphone Warehouse, part of the Dixons Carphone Plc (LON:DC) group, has been fined £400,000 after it suffered a cyber-attack in 2015.

“A company as large, well-resourced, and established as Carphone Warehouse, should have been actively assessing its data security systems, and ensuring systems were robust and not vulnerable to such attacks,” said information commissioner Elizabeth Denham.

Having said that, there is no evidence that there had been instances of identity theft or fraud.

The ICO discovered 11 separate issues with the company’s data protection and security practices, any of which would have breached the Data Protection Act on their own. These included using the same root password being used on every one of the company's servers; no anti-virus software on the servers that held the data; and the storage of full credit card details when there was no requirement to do so.

Dixons Carphone plc is Europe's leading specialist electrical and telecommunications retailer and services company, employing over 40,000 people in 14 countries. It sells over £10bn worth of products and services every year, online and in its c.3,000 stores.

Dixons Carphone plc is Europe's leading specialist electrical and telecommunications retailer and services company, employing over 40,000 people in 14 countries. It sells over £10bn worth of products and services every year, online and in its c.3,000 stores.

Partners:

Proactive Investors Limited, trading as “Proactiveinvestors United Kingdom”, is Authorised and regulated by the Financial Conduct Authority.
Registered in England with Company Registration number 05639690. Group VAT registration number 872070825 FCA Registration number 559082. You can contact us here.